Anson McCade is seeking a Senior Incident Responder (L3 SOC Analyst) to lead complex security incidents and investigations in a Managed Security Operations Centre. The role requires strong expertise in cybersecurity operations and experience with SIEM tools.
Senior Incident Responder – SOC Analyst (L3)
Birmingham or Glasgow | Up to £71,000 + Bonus + Benefits | Hybrid | SC Clearance Required or Eligible

Our client – a global technology and services firm – is expanding its Managed Security Operations Centre and seeking a Senior Incident Responder (L3 SOC Analyst) to take the lead on complex security incidents, investigations, and threat response. This is a hands-on, senior-level role at the sharp end of cybersecurity operations, working on major incidents across enterprise environments, guiding L1/L2 analysts, and collaborating with client stakeholders to deliver best-in-class detection, response, and remediation.

The Role
You’ll take ownership of escalated incidents, conduct detailed investigations, and ensure effective containment and eradication of threats. You’ll act as the escalation point within the SOC, providing technical expertise, mentoring junior analysts, and driving continuous improvement of incident response processes.

Key Responsibilities:
• Lead complex investigations into security incidents and breaches.
• Perform root cause analysis and provide actionable recommendations.
• Conduct static and dynamic malware analysis; reverse engineer to identify IOCs.
• Monitor, tune, and optimise SIEM tools – particularly IBM QRadar, Splunk, and Microsoft Sentinel.
• Develop and refine SOC use cases, runbooks, and playbooks.
• Integrate emerging threat intelligence into monitoring and detection workflows.
• Liaise with clients, Service Delivery Managers, and technical teams to manage escalations and coordinate response.
• Maintain high standards of documentation, including post-incident reports and monthly performance packs.
• Support presales activities and SOC solution demonstrations when required.

What You’ll Bring
• 3–5 years’ experience in cybersecurity operations, ideally within a SOC or incident response environment.
• Proven expertise with QRadar (key focus), Splunk, or Microsoft Sentinel.
• Strong grasp of network traffic analysis, vulnerability management, and ethical hacking techniques.
• Solid understanding of DFIR principles and evidence handling.
• Knowledge of ITIL processes – Incident, Problem, and Change Management.
• Comfortable working autonomously in a 24/7 or on-call operations environment.
• Excellent communication and stakeholder engagement skills.

Certifications (Preferred): CISSP, GIAC (GCIA/GCIH/GCFA), SC-200, or equivalent.
Cloud Experience: Exposure to AWS and/or Azure environments.
Security Clearance: You must hold, or be eligible to obtain, SC Clearance.
The Senior Cyber Incident Responder at Pacific Gas and Electric Company is responsible for incident response and cyber defense services, focusing on threat identification and forensic analysis. This hybrid role requires collaboration across teams to enhance cybersecurity measures within cloud and on-premises environments.
The DPI Global Cybersecurity IAM Associate Analyst Apprentice at UL Solutions is a 12-month program focused on identity and access management within cybersecurity. This role involves assisting in the deployment and maintenance of IAM technologies to ensure secure access across the organization's digital landscape.
The Principal Cybersecurity Analyst (L4) Incident Response & Threat Strategy will lead strategic initiatives within the Global Cybersecurity Operations Center, focusing on incident response, threat hunting, and digital forensics. This senior role requires extensive experience in cybersecurity to proactively defend against emerging threats.
The Associate Data Analyst in Clinical Informatics at Molina Healthcare supports technical application and hardware/software needs for clinical teams while analyzing data trends. This role requires strong communication skills and a passion for assisting vulnerable populations.
The SOC Analyst at Family Health Centers of San Diego is responsible for monitoring and analyzing cybersecurity events across the organization's technology infrastructure. This role involves incident response, threat hunting, and ensuring compliance with security regulations.